Questions buyers ask before an AI evidence audit.

A scoped review of AI workflows, approved source classes, excluded source classes, owner roles, validation needs, human gates, and preservation gaps before AI access expands.

A policy says what should happen. An evidence pack records the actual workflow boundary, source classes, exclusions, validation questions, approvals, and evidence status for review.

No. The first inquiry should use general workflow and source-class information. Do not send confidential documents, secrets, regulated records, private exports, or production logs in the first inquiry.

Common exclusions include HR records, legal or privileged materials, finance records, private inboxes, private chats, payment data, client-specific folders, stale exports, and unmanaged collaboration dumps.

No. AuditTrace provides evidence-readiness and context-boundary artifacts. Legal, compliance, privacy, and regulatory determinations stay with the client and qualified counsel or advisors.

AuditTrace reviews approved sources, exclusions, permission assumptions, index/source traceability, validation questions, and change-preservation triggers before activation or expansion.

Source additions/removals, permission changes, index rebuilds, embedding refreshes, prompt/tool changes, validation failures, excluded-source requests, workflow expansion, and approval decisions.

AuditTrace can support referral, co-delivery, and white-label-friendly packages where scope, brand, responsibilities, and client communication are clearly defined.

Timing depends on responsiveness and source clarity. The product is designed as a fixed-scope starter review, not a six-month governance project.

A readable evidence artifact with source boundary, exclusions, validation questions, human gates, manifest, DecisionCard, and recommended next action.